Ensure that the responseType is OCSP Basic

The responseType indicates a large portion of the syntax of an OCSP
response message. At this stage we only support OCSP Basic, so this
change ensures that the parser returns a failure code if the
responseType does not match the OID id-pkix-ocsp-basic.
This commit is contained in:
Andres Amaya Garcia
2017-08-31 12:03:59 +01:00
committed by Andres Amaya Garcia
parent b85378efb3
commit fc3afe5c6b

@@ -175,11 +175,13 @@ static int x509_ocsp_get_response_type( unsigned char **p,
resp_type->len = len;
resp_type->p = *p;
if( MBEDTLS_OID_CMP( MBEDTLS_OID_OCSP, resp_type ) != 0 &&
MBEDTLS_OID_CMP( MBEDTLS_OID_OCSP_BASIC, resp_type ) != 0 )
{
/*
* At this stage we only support id-pkix-ocsp-basic. This defines the
* ASN.1 syntax of the remaining OCSP response so return a failure if the
* response type is not OCSP Basic.
*/
if( MBEDTLS_OID_CMP( MBEDTLS_OID_OCSP_BASIC, resp_type ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_RESPONSE_TYPE );
}
*p = *p + len;
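
Review bot: The rejection at `if( MBEDTLS_OID_CMP( MBEDTLS_OID_OCSP_BASIC, resp_type ) != 0 )` runs after `resp_type->len` and `resp_type->p` have already been assigned, so on the `MBEDTLS_ERR_X509_INVALID_RESPONSE_TYPE` path the caller's `resp_type` is left pointing at the rejected OID while `*p` is not advanced. Either state in the function's documentation that `resp_type` must not be used when a non-zero value is returned, or compare against a local buffer and fill `resp_type` only once the OID has been accepted. Since this OID decides how the rest of the response is parsed, a negative test that feeds a responseType other than id-pkix-ocsp-basic and expects this error code would also be worth adding alongside the change.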